Re: [Linux-cluster] To SELinux or not to SELinux ?

From: "Paul M. Dyer" <pmdyer ctgcentral2 com>

To: linux clustering <linux-cluster redhat com>

Subject: Re: [Linux-cluster] To SELinux or not to SELinux ?

Date: Fri, 10 Dec 2010 13:34:52 -0600 (CST)

Hi,
I have used selinux enforcing since RHEL 5.4 on a 3-node RHCS cluster. I believe it has been supported since that release. I made some calls back in RHEL 5.3 regarding some issues, but all problems that I experienced have been resolved. I got plenty of support for my issues.
According to Dan Walsh, performance was addressed early on. I have not had any performance issues using selinux in RHEL 5, RHCS included.
Paul
----- Original Message -----
From: "Nicolas Ross" <rossnick-lists cybercat ca>
To: "linux clustering" <linux-cluster redhat com>
Sent: Friday, December 10, 2010 12:20:52 PM
Subject: Re: [Linux-cluster] To SELinux or not to SELinux ?
>> So, for a cluster, using fencing, gfs, and all the needed tools to
>> run
> a cluster, is there
>> any reason not to use selinux ? I am looking to see if cluster
> operator use or do not
>> use selinux...
>
> Beware that "permissive" mode, far from being benign, can be as
> expensive as having SELinux enabled. See
> http://www.mail-archive.com/linux-cluster redhat com/msg08317.html for
> some details on GFS and extended attributes.
Oh... I didn't tought of performance influence... That alone is enough
to keep it off completly. We will be hosting a high-volume site where
every millisecond counts. That site is composed of about a million files
of different sorts. So, any added delay in accessing a file is not an
option.
-- Linux-cluster mailing list
Linux-cluster redhat com
https://www.redhat.com/mailman/listinfo/linux-cluster